Recent malware infection could block Internet access to thousands

Published: May 10, 2012

Thousands of U.S. computers infected with malicious software by a sophisticated cyber crime ring could lose their Internet connectivity by July if they're not repaired.

Last November, the Federal Bureau of Investigation announced that it had arrested and charged six Estonians with running a cyber crime ring that infected approximately 4 million computers in more than 100 countries with a class of malicious software called DNSChanger.

The FBI estimated that about 500,000 of the infections involved U.S. computers belonging to individuals, businesses and government agencies -- including NASA.

The malware worked by changing the computer's Domain Name Service, or DNS, settings. DNS is an Internet service that converts user-friendly domain names, like nhbr.com, into numerical addresses that allow computers to talk to each other.

By changing users' DNS settings, the hackers were able to redirect users through rogue servers to websites of their choosing.

"Most of the time, those infected computers went to the right websites," writes Adam Coughlin, media and content coordinator for Dyn Inc., a Manchester-based provider of managed DNS, on the company's blog. "But whenever the hackers wanted to, they could send you to a website of their choice, promoting fake and/or dangerous products."

The thieves were able to manipulate online advertising to generate at least $14 million in illicit fees, said Janice Fedarcyk, assistant director in charge of the FBI, in a statement in November.

"In some cases, the malware had the additional effect of preventing users' anti-virus software and operating systems from updating, thereby exposing infected machines to even more malicious software," said Fedarcyk.

Simply shutting down the rogue servers would have cut off Internet access for users of the infected computers, so the two-year FBI investigation -- called Operation Ghost Click -- included efforts to ensure that infected users' Internet access would not be interrupted by the operation. The mitigation plan included disabling the rogue servers and replacing them with clean servers to keep affected users online.

But that solution is temporary, said the FBI, and the clean DNS servers will be turned off on July 9, at which time computers still affected by DNSChanger may lose Internet connectivity.

Users in the U.S. can visit http://www.dcwg.org/ to see if their computer is infected. Affected computers should be taken to computer repair professionals to be fixed, said the FBI.

-- KATHLEEN CALLAHAN/NEW HAMPSHIRE BUSINESS REVIEW

This article appears in the May 4 2012 issue of New Hampshire Business Review